Payments fraud is rising, and small and medium-sized business owners are feeling the strain well beyond the transaction itself. Every dispute adds hours of follow-up work, which cuts into time that would otherwise be spent running and growing the business.
Today’s threats are designed to look legitimate, making fraud more difficult to spot and easier to fall for. According to the Federal Trade Commission, consumers and businesses reported a record $15.9 billion in fraud losses in 2025.
Without the right systems in place, even routine payment processing can become a source of risk rather than a driver of growth for many businesses.
To better understand how these challenges are impacting day-to-day operations, we surveyed over 500 small and medium-sized business (SMB) owners across the U.S., exploring how often they encounter fraud, how they respond, and the time and resources required to manage it.
Key Takeaways
- Over one in three SMB owners who took action against fraud in the past year were forced to dip into personal savings to cover chargeback fees, payroll, or inventory gaps.
- Fraud is most likely to take the following personal toll on SMB owners: increased anxiety about sales (51%), burnout (45%), and second-guessing business decisions (29%).
- 31% of SMBs have faced AI-driven scams this year, with 20% reporting sophisticated AI-generated invoices and payment requests.
- Nearly one in three SMBs has no merchant charge protection processes in place.
How Payments Fraud Is Evolving and Why It’s Harder for SMBs to Manage
Fraud has become more advanced and harder to catch. It slips into everyday business activity, raising minimal red flags. For many SMBs, the biggest challenge is the convincing nature of these attacks, making reliable chargeback protection essential for merchants to verify legitimate claims.
The most common tactics business owners report facing highlight just how varied and believable these threats have become:
- Phishing & social engineering (deceptive emails or texts used to steal payment data or redirect funds): 50%
- Chargeback abuse (false “item not received” or “unauthorized charge” claims): 31%, highlighting the growing need for stronger chargeback protection for merchants
- AI-generated invoices or payment requests (realistic requests posing as vendors or executives): 20%
- Stolen credit/debit cards (unauthorized transactions using compromised details): 20%
- Email-based money rerouting (impersonating vendors or executives to redirect payments): 13%
- AI-generated fake identities (synthetic profiles used to open accounts or bypass checks): 12%
Requests that look familiar are much more likely to be processed without hesitation, especially in fast-moving environments where teams are focused on keeping operations running smoothly. In my role as Chief Risk and Compliance Officer at Kurv, I’ve watched fraud shift from something opportunistic to something deeply engineered. With AI, attackers can generate highly convincing requests and identities at scale, making it much harder to rely on surface-level checks alone.
This shift is also reflected in how frequently businesses encounter AI-driven fraud:
- 31% of SMB owners have faced AI-driven scams this year
- 20% report sophisticated AI-generated invoices or payment requests
- Among SMB owners who have encountered AI-enhanced claims (e.g., fake images or videos), nearly three in 10 say it happens every week.
- Among SMB owners who have encountered AI-generated identities in fraud attempts, nearly one in four say they encounter them weekly.
We’re seeing a shift where fraud now comes with proof that looks real. It’s imperative not to take evidence at face value; instead, validate the behavior behind it and use layered checks to confirm who’s actually on the other side of the transaction. This “shield of layers” isn’t about investing in the most expensive tools, but about adding practical checks that make fraud harder to carry out.
That can include requiring native file uploads to verify image metadata and using out-of-band verification, such as a separate phone call or confirmation step, for any requests involving changes to payments or fund transfers. These small steps can create enough friction to deter automated attacks. By adding verification layers at key points, SMBs can significantly reduce the likelihood of fraud.
As these tactics evolve, the likelihood of experiencing fraud varies across sectors, highlighting a universal need for more secure payment solutions:
- Brick-and-mortar: 70%
- E-commerce: 69%
- Professional services: 56%
- Home services: 50%
For many small businesses, the real strain of fraud comes from the time and effort required to investigate, respond to, and resolve disputes, often pulling focus away from day-to-day operations.
Fraud’s impact on small businesses is also disproportionately high compared to larger organizations. According to the Association of Certified Fraud Examiners, companies with fewer than 100 employees had a median loss of $141,000, the second-largest loss among organizational size categories. The losses may be smaller on paper, but they can have a bigger impact on SMBs since they make up a larger portion of their revenue. The report also estimates that organizations lose roughly 5% of annual revenue to fraud.
Fraud adds a layer of work that’s hard to ignore. Tracking deliveries, pulling logs for merchant account providers, and updating records can quickly eat into time that should be spent running and growing the business.
From what I’ve observed, fraud adds a significant time burden alongside the financial loss for most small businesses. Without dedicated chargeback management software, gathering evidence, checking records, and following up with customers can pull focus away from day-to-day operations. As AI-generated claims become more realistic, verifying what’s genuine is taking more time and scrutiny.
The most time-intensive phases of the dispute process:
- Evidence Collection: 44%
- Customer Communication: 37%
- Checking Records: 18%
- Technical Investigation: 17%
- Fixing the Books: 13%
- Loss Analysis: 12%
Despite the time burden, only 70% of SMBs have fraud protection measures in place, and many still rely on manual or reactive approaches rather than integrated payment solutions.
Top fraud protections currently in place:
- Manual review team: A human (staff member) who manually reviews “flagged” orders before shipping: 29%
- Standard gateway checks: Basic card checks (like verifying the billing address and the three-digit security code on the back of the card): 27%
- Internal blacklists: Lists teams keep of blocked emails, IP addresses, or shipping addresses: 22%
- Extra security steps at checkout: A text code sent to the customer: 21%
- Post-transaction alerts: Chargeback management software that notifies the merchant the moment a chargeback is initiated: 15%
- Identity verification (IDV): Manually or automatically requiring customers to upload a government ID for high-risk orders: 11%
Most businesses end up using several tools to manage fraud, and they don’t always work as well as integrated payment gateway solutions. That usually means more hands-on work, like checking things in multiple places and trying to connect the dots, instead of stopping fraud earlier in the process. It becomes even more important when evaluating payment gateway solutions or choosing between merchant account providers, since fraud protection levels can vary.
Adoption of fraud protection measures also varies widely by industry, often reflecting differences in transaction volume and risk exposure:
- Brick-and-mortar: 88%
- E-commerce: 76%
- Home services: 71%
- Professional services: 61%
Even with protections in place, the impact of fraud extends beyond operations and into the day-to-day experience of running a business. Across industries, business owners report clear emotional and professional strain:
- Brick-and-mortar – Increased anxiety over online sales: 55%
- E-commerce – Increased anxiety over online sales: 70%
- Home services – Stress or burnout: 65%
- Professional services – Stress or burnout: 57%
Perhaps most concerning, half of SMB owners say they would process certain requests without secondary verification, even when they could be fraudulent. The top requests include:
- The bank fraud alert: A text from a bank asking the recipient to click a link to verify a suspicious charge to prevent a business debit card from being frozen: 29%
- The review scam: A customer emailing a link to a photo of a subpar item or service, hosted on a Google Drive or Dropbox link that requires a login: 16%
- The shipping snafu: A text or email from FedEx or UPS about an office package held in customs that requires a redelivery fee paid via a link: 13%
- The legal threat: A notice of trademark infringement or tax audit email with a password-protected PDF that requires the user to run a small program to see specific charges: 12%
- The late vendor payment: An email from a regular supplier (using their actual name) claiming they’ve changed banks and need an invoice paid to a new ACH account to avoid a shipping delay: 10%
- The payroll pivot: An email from a long-time employee asking to update their direct deposit to a new digital bank due to an issue with their old account: 8%
My rule of thumb is simple: if a request involves money movement or sensitive changes, it shouldn’t rely on trust alone. Verifying through a second channel is an incredibly easy, low-cost way to prevent these attacks before they escalate.
Rethinking Fraud Prevention
Beyond draining time and resources, payments fraud undermines trust and stifles confidence for small and medium-sized businesses. As tactics become harder to spot, implementing integrated payment solutions and payment processing can reduce the hours spent reviewing transactions, gathering evidence, and managing disputes.
For SMBs, the path forward is to adopt smarter, more integrated payment solutions that reduce complexity, strengthen verification, and free up time to focus on growth.
Tools like Kurv’s chargeback management software can help streamline that process by making it easier to manage disputes and keep track of claims. In a time when AI-driven fraud is increasing and designed to blend in, the businesses that stay ahead of the curve will be the ones that make security seamless, not reactive.
How Kurv Helps SMBs Fight Back
In addition to draining time and resources, payments fraud undermines trust and stifles confidence for SMBs. As tactics look deceptively authentic the path forward is to adopt smarter, integrated payment solutions that reduce complexity, strengthen verification, and free up time to focus on growth. Kurv’s platform is designed to make security seamless rather than reactive, specifically addressing the pain points identified in our research.
1. Proactive Defense: Stopping Fraud Before It Happens
SMB owners can reduce the hours spent reviewing transactions by utilizing Kurv’s behavior and velocity-based risk analysis. Our system tracks customer behavior patterns and flags unusual transaction speeds. While also looking at volume to detect bots and card testing before they escalate into chargebacks.
2. Advanced Identity Protection and CNP Security
Kurv provides transaction-level scrutiny of IP addresses, device fingerprints, and CVV data instantly to prevent identity theft at checkout. For businesses operating online, our card-not-present (CNP) monitoring uses tokenization to replace sensitive card data with unique digital identifiers. This helps us ensure that customers’ actual card numbers are never stored in your system. To take things a step further, we combine these protections with address verification (AVS) and CVV/PIN checks, building a shield of layers that remains resilient even as fraud tactics improve.
3. Streamlined Chargeback and Friendly Fraud Management
Evidence collection is the most time-intensive phase of a dispute for 44% of SMBs according to our study. Kurv’s chargeback management software streamlines this process by:
- Preventing order not received claims: Integrates shipping and delivery updates to provide evidence instantly.
- Flagging refund abuse: Identifying inconsistent customer behavior across accounts to stop friendly fraud before it impacts revenue.
- Reducing confusion: Customizing billing descriptors so customers recognize their purchases, preventing accidental disputes.
4. Future-Proof Security with PCI DSS 4.0 Compliance
Kurv maintains the highest industry standard of PCI Compliance, level one, actively helping merchants navigate the transition to PCI DSS 4.0. This most recent version introduces stricter requirements for multi-factor authentication (MFA) and enhanced monitoring of e-commerce payment pages. We handle the technical complexities of compliance so business owners can stop second-guessing their security and focus on what matters most: growing their business.
Methodology
To explore how fraud is impacting SMBs, we surveyed 511 small and medium-sized business owners in America. The data has a 95% confidence level and a low 4% margin of error. Because this exploratory research relied on self-reported data, respondents may have biases, and discrepancies may exist between their answers and their actual experiences.
Fair Use Statement
We’d love for you to share these findings, but please attribute to Kurv by sharing a link to this page.
